40 Million Credit Cards Exposed

Parking Lot

Credit card processor CardSystems Solutions may have exposed nearly 40 million credit card numbers, according to information released over the weeked by MasterCard International. On Monday, nearly 200,000 cards were confirmed stolen, after a file containing the information was accessed by a hacker.

John Perry, CEO of CardSystems, told the New York Times the numbers resided in a file being used for research regarding why certain transactions were marked as "unauthorized or uncompleted." Perry admitted that the company was not following the policies of credit card companies by storing the card numbers.

13.9 million of the cards exposed were MasterCard-branded, while another 20 million were issued by Visa. The rest of the affected cards were from American Express, Discover, and others.

"We should not have been doing that," he told the paper. "That, however, has been remediated." He also assured that customer's data was secure, saying "we no longer store it on files."

The actions of CardSystems angered MasterCard enough to publicly disclose the security breach without first notifying CardSystems. "CardSystems provides services and is supposed to pass that information on to the banks and not keep it," MasterCard senior vice president Joshua Peirez said. "They were keeping it."

On Saturday, MasterCard warned that it could confirm at least 68,000 customers were at high risk, as it knew the card numbers had been exported from the system into the file CardSystems now admits to have stored. At least 100,000 Visa card numbers and 30,000 from various other companies are believed to be in the file as well.

It is believed that the break-in at CardSystems may be the largest case of exposed data ever. However, so far, only MasterCard has reported incidences of fraud on its members' accounts associated with the breach.

Visa, Discover and American Express have not seen any fraudulent activity as of yet, but said customers will not be responsible for any charges.